Compass · Legal

Privacy policy

The Compass is a neutral technical layer. Our commitments regarding your data are enforced at the architecture level rather than resting on a promise.

In-region residency

Personal healthcare information never leaves your jurisdiction. Residency is architectural (per-region database clusters, network policy, and a gateway-level RegionGuard), not a configurable setting.

The patient owns the record

Your health record belongs to you. A clinician sees it only with your explicit consent, and it is correction-only: a correction is made by adding a new entry, never by deleting or overwriting what came before.

Immutable audit log

Every read, every write, and every change to your data is recorded in the audit_log table under an INSERT-only policy. No user holds UPDATE or DELETE rights on this table — not even the database administrator.

No shared financial exposure

The Compass is never a party to the financial chain between patient and provider. The booking-confirmation fee is paid directly to the provider's facilitation merchant account through Moyasar, and the Compass receives only a webhook to activate the booking.

This page is a summary of the platform's architectural privacy commitments. The full legal text is under review by the legal team against the Saudi Personal Data Protection Law (PDPL) and SDAIA references, and will be published here once approved.